Monero Developers Patch the “Burning Bug” That Allowed Theft From Crypto Exchanges

The developers behind the privacy-oriented cryptocurrency monero (XMR), currently the 10th-largest digital asset, have announced a fix for a severe vulnerability. Had attackers discovered it, the bug could have caused significant damage to crypto exchanges and online merchants that accept payments in XMR.

Reportedly, the bug was discovered after a community member described a hypothetical attack on the monero subreddit. The flaw was in the wallet software and could have allowed a user to “burn” XMR by sending multiple payments to the same stealth address. For those unfamiliar with the term, a stealth address is a payment proxy that adds an extra layer of privacy. The user sending the crypto can transfer it to a stealth address, which then re-routes the funds to the intended real address.

The official blog post shed some light on how the vulnerability could have been exploited, saying that, “An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange’s hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange’s wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR.”

Basically, after sending 1 XMR a thousand times, the attacker would receive an equivalent amount of another crypto, for example BTC. The exchange, running the defective Monero code, would respond to all 1000 transactions with bitcoin but would later validate only the first transaction and invalidate the rest of the funds, after the expiration of stealth addresses.
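The missing check on the receiving side can be sketched as follows. This is an added example, not the Monero project's patch or code from the blog post; the `Output` record, the function names and the sample data are hypothetical, and it assumes the exchange already has a list of outputs its wallet has recognised as incoming.

```python
from collections import defaultdict
from dataclasses import dataclass

ATOMIC_PER_XMR = 10**12  # 1 XMR = 10^12 atomic units

@dataclass(frozen=True)
class Output:
    txid: str
    stealth_address: str  # one-time destination key of the output (hex)
    account: str          # exchange customer the deposit maps to (hypothetical)
    amount: int           # atomic units

def naive_credit(outputs):
    """Behaviour described in the article: every received output is credited."""
    credits = defaultdict(int)
    for out in outputs:
        credits[out.account] += out.amount
    return dict(credits)

def screened_credit(outputs, seen=None):
    """Credit only the first output per stealth address; flag every repeat.

    `seen` maps stealth address -> first txid and should be persisted between
    runs so that repeats arriving in later batches are still caught.
    """
    seen = {} if seen is None else seen
    credits, alerts = defaultdict(int), []
    for out in outputs:
        if out.stealth_address in seen:
            # Same stealth address again: do not credit, hold for review.
            alerts.append((out.txid, out.stealth_address, seen[out.stealth_address]))
            continue
        seen[out.stealth_address] = out.txid
        credits[out.account] += out.amount
    return dict(credits), alerts

def constructed_sample():
    """Constructed data: 1000 x 1 XMR to one stealth address, plus one normal deposit."""
    burn = [Output(f"tx{i:04d}", "aa" * 32, "attacker", ATOMIC_PER_XMR) for i in range(1000)]
    honest = [Output("tx-honest", "bb" * 32, "alice", 5 * ATOMIC_PER_XMR)]
    return burn + honest

if __name__ == "__main__":
    sample = constructed_sample()
    credits, alerts = screened_credit(sample)
    print("naive:", naive_credit(sample)["attacker"] // ATOMIC_PER_XMR, "XMR")
    print("screened:", credits["attacker"] // ATOMIC_PER_XMR, "XMR,", len(alerts), "alerts")
```

Crediting the first-seen output is a conservative policy chosen for this sketch; each alert carries the repeated transaction, the shared stealth address and the transaction that first used it.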

This could have resulted in massive losses for the exchanges, but luckily the Monero devs have already implemented a fix, releasing the v.0.12.3.0 patch earlier today. The bug did not affect the XMR protocol or the coin supply.

It is not the first time that Monero has been the subject of controversy. The anonymous digital currency has long been favoured by hackers and other bad actors, and we have already reported that malicious XMR mining software was detected on Apple’s Mac computers earlier this year.

However, even the mighty bitcoin is not safe against similar incidents. Last week, BTC developers reported detecting a bug that would have allowed malicious miners to artificially inflate the supply of bitcoin through a double spend transaction.
